SSL/HTTPS for Websites


Our Opinion on Google’s Latest Announcement

Google announced on August 7 that they will now be giving a small boost in rankings to sites that are run on HTTPS rather than HTTP. According to Google, this ranking boost will be very small at first, and may increase in importance over time. To run on HTTPS, you must have an SSL/TLS security certificate.

First, What Is SSL/TLS?

SSL, or Secure Socket Layer technology, is used to encrypt and decrypt information from one virtual location to another. It’s the original version of security on the internet. TLS (Transport Layer Security) is a more modern version of essentially the same thing. You’ve been seeing SSL in action for years, with that little lock icon on screens where you enter credit card information. Essentially what it means is that when you put your credit card information into the website, the information is encrypted before it is passed over the internet to its destination. This is done by using unique “keys” that are only available to the individual website owner. See this for more on how SSL/TLS works.

Why Does It Matter To You?

SSL is important when dealing with private confidential information like credit cards, but for the vast majority of sites, which are information or brochure-style only, it’s not as critical. That’s probably why you haven’t even heard about it until now. However, more and more sites are being compromised, information being hacked, and vulnerabilities being exploited than ever before. The technology that runs the internet is over 40 years old. It wasn’t designed to do what we now use it for. And the cracks in the armor (WordPress vulnerability and shared servers) are starting to show.

Eventually, you will have to migrate to HTTPS and SSL/TLS for your site, no matter what type of site it is, unless someone comes up with an entirely new and superior protocol to run the internet on (Don’t laugh, it has to happen eventually).

Our Recommendation For Now

If you already have a secure area of your site, like a shopping cart, we recommend that you begin making plans to expand the entire site to HTTPS security. This shouldn’t be too difficult or expensive, since you already have a CA (Certificate Authority) Licensed Security Certificate. You just need to expand its scope. If you choose to do this, you must contact your SEO, because the risk involved in making changes like this is just as big as the risk involved in migrating to a new domain. Also, look outside of Verisign for pricing; the prices at large hosting companies like GoDaddy or smaller CAs like Thawte are often far more affordable.

If you do not have any areas of your site that need to be secured, you can safely keep things as they are. It is likely that the cost involved with obtaining a security certificate, migrating the site, possibly even migrating servers, is far higher than the very small ranking boost you’ll gain from implementing https on your site.

However, if you have any changes planned (redesign, site migration, or server changes), now would be a good time to consider making the switch to https. Contact us for help in pricing and planning.

UPDATE: We called it! John Mueller of Google goes on record stating that “in the short term you are not going to see any visible SEO advantages”.

Aug, 12, 2014